Friday, February 10, 2012

Keep Clouds Floating

Who do you do business with? When you need to park your information does it matter what parking lot you select? Do you select based on cost? Do you select based on functionality? Perhaps based on both? What matters most?

I do believe in the cloud. I don’t believe in parking information assets with the cheapest cloud or the one that has a questionable future life. If information is worth storing then it must be worth protecting and having access to in the future. If you have any question about whether or not the Cloud will be floating next week, and you don’t know if you will have access to your data, then you should care.

Imagine a company builds a “cyberlocker” business in the Cloud. Basically it’s a cloud storage provider with a cool moniker. Let’s call the business Megaupload for fun. And let’s say Megaupload decides to use other cloud storage providers to park your data—sort of like outsourcing the “storage in the cloud” to another “storage in the cloud provider.” But let’s say Megaupload is alleged to have done some IP thievery for which they are being pursued by the government for their alleged criminal wrongdoing and as a result, the US government closes Megaupload’s cloud doors for business.

And because the doors were closed without warning, you don’t have access to your information. What if you never get it back?

Imagine no more because if you read the February 1, 2012 USA Today article entitled “Legit Megaupload users cut off from their files USA Today” you will realize the story is real and the Cloud risks you fear can come true. Kick the Cloud tires hard. Check the Cloud doors for tightness. Make sure the Cloud is mature and well financed and isn’t going away any time soon.

Information matters. Keep Clouds floating.

Are you kidding me

Tuesday, January 3, 2012

Bad Information Can Be Deadly

Bad info kills. Is it true that Yemen officials gave US bad intelligence info prompting a missile strike which killed a Yemeni Political instead of an al Qaeda leader as the US was told? Acting on bad info in any business impacts results in major kinds of ways. No doubt Jabir Shabwani, a guy “mistakenly” killed, would agree that bad info can be deadly.

Are You Killing Me?

Read more in the Wall Street Journal, “U.S. Doubts Intelligence That Led to Yemen Strike” on December 29, 2011

Take Information Management Seriously

Criminal charges are being brought against BP engineers for the disaster of the Deep Horizon—the Gulf explosion that took 11 lives and created the worst environmental accident in US history. Apparently, the guys gave bad information to regulators which downplayed the risks of the deep water drilling operations. You think if the engineers, who are being CRIMINALLY prosecuted, got a “do over” they would make the same decisions as before? If providing bad information, destroying needed information and not retaining information can be the basis of prosecution, then we should be taking its management more seriously.

Just saying, Are You Kidding Me?

Read more in the Wall Street Journal “Criminal Charges Are Prepared in BP Spill” December 29, 2011.

Wednesday, December 28, 2011

Hacking Happens

Information security suggests that you can actually protect your information crown jewels. I am not a security expert, but I do know one thing for certain about security. No matter how much you seek to protect information, and how much money and vigilance you throw at the problem, bad guys still can and will get to your data nugget if they want to badly enough.

I usually determine how important some business event is to the US or world economy based upon its location in the Wall Street Journal. An imprecise science no doubt, but useful nonetheless to ascertain what matters to our economy. So, when I recently read about the US Chamber of Congress getting hacked by the Chinese, I took note that it was the first article on the front page and took up more space on page 4 of the first section. So what, hacking happens every day, all day long. But this one was special because the Chinese hackers grabbed US policy toward China and allowed the bad guys to watch the policy wonks inside the Chamber for over a year, says the FBI. The attack was sophisticated and as a result was undetected by the Chamber until the FBI told them of it recently.

Not only did the Chinese hackers have access to policy documents, email accounts, and all sorts of important information, but they also may have gotten access to Chamber members’ company email accounts and messages. The hackers even hacked a thermostat at a condo owned by the Chamber and a Chamber printer now inexplicably prints Chinese characters on documents.

Yikes! I was invited to China by a wonderful academic and met with several of her students a short while ago in Beijing. After communicating with the various Chinese students to work out logistics, inexplicably my computer started to change content from English to Chinese characters. If that wasn’t bad enough, the translated characters were actually “dirty” words, usually of a sexual nature. I retired the computer early to protect our reputation but wonder, why bother with my boring email? If someone cares about my stuff they must care about lots of stuff which we don’t think is important. If we don’t think it’s important, I bet we aren’t so vigilant about protecting it. If that’s true, I bet we get lots of stuff hacked that we don’t even know about. Heck, even our vigilant folks get exposed.

Are you kidding me.

Thursday, December 8, 2011

A Silly Little GLITCH. . . Really???

Repeat after me: when information is in electronic form, the accuracy doesn’t matter, provided that a GLITCH caused the issue. And if there are mistakes in the data, there is no harm because it is caused by a silly little old GLITCH. Take for example, the English organ transplant organization that had to admit to the government and all those nice people waiting for an organ transplant that it made a small boo-boo. Well, it wasn’t the people that made the mistake, it was a computer glitch. Therefore the downside is rather limited—right?

“The health organisation, which is responsible for the Organ Donation Register (ODR), was found to have recorded the preferences of 444,031 people incorrectly due to a software error which dated back to 1999.” http://www.itpro.co.uk/630274/over-400-000-organ-donation-details-stored-incorrectly

Imagine a middle-aged, peaked chap (let’s call him Nigel, as that seems brilliantly British) was waiting patiently on the list for a liver and his life depended on it. Because of the GLITCH the transplant list indicated that he was waiting on a butt transplant from a brilliant member of the staff at a prestigious university. And he waits and waits and the butt never shows up.

What’s the big deal about waiting? Imagine, several livers happened by that would have been a match for Nigel but he never was notified because he was looking for a smart @$$.


Are You Kidding Me.

Tuesday, September 13, 2011

Own the problem. Make it Right.

“Records are neither good nor bad. They just are. Records are neither good nor bad. They just are. Records are neither good nor bad. They just are,” muttered Hansel and Gretel as they reviewed the records of consumed children meticulously kept by the terrible Witch and contemplated their fate of swimming in the cauldron of boiling water.

I am asked all the time about building records programs and “dealing” with litigation proactively. I tell them REALLY clearly to refrain from managing information based upon what may be relevant in litigation, audit or investigation in the future. In other words, don’t architect a RIM program to proactively destroy what you think will hurt you down the road. Build a RIM program for maximizing business value. If something hurts you later on, your lawyers will need to deal with it later.

A pharmaceutical company scientist communicates in email about the efficacy of a drug compound, calling it into question based solely on her personal opinion but no science. Not the right place to question a drug compound efficacy (as drugs are always subject to lawsuits and this piece of evidence will no doubt be unearthed and serve as “proof” of substandard drug quality) but it now exists and may be relevant and discoverable down the road. Good policies, thorough training, and vigilant compliance efforts can deal with a lot of risk exposure but in the end if you hire knuckleheads, then they may hurt your organization.

I read a recent article in “Rolling Stone” magazine about “The Catholic Church’s Secret Sex-Crime Files.” Among other things, the article is about what the church did wrong in hiding records of child molestation and covering up crimes by Church officials. What struck me about the article is that the author focused on the fact that the Church has kept meticulous files on so many molesters and how it covered up the crimes, over decades. Adding insult to injury, the Church has also kept the files in a place called the “Secret Archive”. This example is not about faith or my beliefs on such a travesty - simply poor business practices.

You need to keep records of your business. You would want to track bad acts of your employees so you can correct behavior. You would likely keep records of claims made for harm caused by your business or its employees. But referring to the records you don’t want to expose to the world about child molestation and the cover up that ensued for years as “secret archives” makes you look like you know you have something to hide.

Whether a pharmaceutical company or the Church, good business is documented in good record keeping. Build it for transparency. Build it to support all the good business you do. And when records hurt the organization, don’t sweep it under the rug. Own the problem and make it right.

Thursday, September 8, 2011

HIPAA Violations - There Are Consequences

“There are no consequences. There are no consequences. There are no consequences.” And soon thereafter the Wicked Witch of the West “witch slapped” the Kansas smile right off of Dorothy.

A guy was recently charged with violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which carries a maximum penalty of 10 years in prison, and a fine of $250,000.

As the story goes, confidential medical records were found in a dumpster which apparently belonged to Avalon Centers Inc., a former eating disorder clinic. The defendant is charged with taking the confidential records. However, he claims he did not look through the records that he took and that he did not take any patient files. So for his “innocent until proven guilty” attitude, he is being charged with improperly obtaining and disclosing individually identifiable health information.

Dorothy, Are You Kidding Me!